Default permissions of /home/user..

Vlad GALU vladgalu at gmail.com
Sat Oct 23 14:13:42 PDT 2004 

On Sat, 23 Oct 2004 16:03:15 +0100 (BST), Robert Watson
<rwatson at freebsd.org> wrote:
> 
> On Thu, 21 Oct 2004, Jesper Wallin wrote:
> 
> > I've asked this question before without getting any further help
> > really..  When a new user is added using "adduser" on 5.x (havn't really
> > checked if it's the same under 4.x or not), the default homedir
> > permission is 755 (drwxr-xr-x) which to me, looks a bit insecure? It's
> > of course pretty easy to solve it by a simple chmod, but yet, isn't
> > there anyway to change the default chmod value? Last time I asked about
> > this, people told me to check out the skel directory, but the only thing
> > you can do in there is to change the default chmod value of the
> > files/directories _in_ the homedir, not the chmod values of the actually
> > homedir.. I would be glad if someone could give me further assistanse
> > how do solve this without manually modifying the "adduser"  script.. and
> > if it this option doesn't exist, shouldn't it be added or is it just me
> > who want my homedir secure from other users? ;)
> 
> I'm a fan of creating "public", "public_html", and "private" directories
> in the user's home directory when their account is created, with
> appropriate permissions.  That way I can just tell users "put the file in
> your private directory if you want it to be private".  I use custom
> scripts for accounts here, but you may just be able to create those
> prototype directories in skel and have adduser do the right thing.

     One thing though. The mtree file that controls the permissions
for / specifies 0755 as the mask for /root. It's allright with me, I
have "chmod /root 0600" in my .profile, but still ...

> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org      Principal Research Scientist, McAfee Research
> 
> 
> 
> 
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
> 


-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

More information about the freebsd-security mailing list